website annotate en/doc/handbook/network-config.html @ rev 546

en: Edit Handbook
author Paul Issott <paul@slitaz.org>
date Wed Sep 23 17:07:04 2009 +0000 (2009-09-23)
parents fa2c5bed2417
children b8788d938e18
rev   line source
paul@15 1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
paul@15 2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
paul@15 3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
paul@15 4 <head>
paul@15 5 <title>SliTaz Handbook - Network configuration</title>
paul@15 6 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
paul@15 7 <meta name="description" content="slitaz English handbook network config pppoe ppp eth dhcp" />
paul@15 8 <meta name="expires" content="never" />
paul@323 9 <meta name="modified" content="2009-03-23 19:30:00" />
paul@15 10 <meta name="publisher" content="www.slitaz.org" />
paul@15 11 <meta name="author" content="Paul Issot, Christophe Lincoln"/>
paul@15 12 <link rel="shortcut icon" href="favicon.ico" />
paul@15 13 <link rel="stylesheet" type="text/css" href="book.css" />
paul@15 14 </head>
paul@15 15 <body bgcolor="#ffffff">
paul@15 16
paul@15 17 <!-- Header and quick navigation -->
paul@15 18 <div id="header">
paul@15 19 <div align="right" id="quicknav">
paul@15 20 <a name="top"></a>
paul@63 21 <a href="system-admin.html">System administration</a> |
paul@15 22 <a href="index.html">Table of contents</a>
paul@15 23 </div>
paul@15 24 <h1><font color="#3E1220">SliTaz Handbook (en)</font></h1>
paul@15 25 </div>
paul@15 26
paul@15 27 <!-- Content. -->
paul@15 28 <div id="content">
paul@15 29 <div class="content-right"></div>
paul@15 30
paul@15 31 <h2><font color="#DF8F06">Network configuration</font></h2>
paul@15 32
paul@15 33 <ul>
pascal@535 34 <li><a href="index.html#about">About the Network.</a></li>
pascal@535 35 <li><a href="index.html#netbox">Netbox</a> - Configure the network.</li>
pascal@535 36 <li><a href="index.html#wifibox">Wifibox</a> - Configure wireless networks.</li>
pascal@535 37 <li><a href="index.html#hostname">/etc/hostname</a> - Hostname.</li>
pascal@535 38 <li><a href="index.html#network.conf">/etc/network.conf</a> - Network
paul@323 39 configuration file.</li>
pascal@535 40 <li><a href="index.html#dynamicIP">Dynamic IP</a> - Client DHCP udhcpc.</li>
pascal@535 41 <li><a href="index.html#staticIP">Static IP</a> - Using a specific address.</li>
pascal@535 42 <li><a href="index.html#pppoe">PPPoE kernel-mode</a> - Dial-up modem connection
paul@321 43 in Kernel mode.</li>
pascal@535 44 <li><a href="index.html#rp-pppoe">PPPoE with rp-pppoe</a> - Dial-up modem.</li>
pascal@535 45 <li><a href="index.html#driver">Install network card driver</a> - Find and load
paul@323 46 Kernel modules.</li>
pascal@535 47 <li><a href="index.html#firewall">Firewall</a> - Manage the Firewall (Iptables).</li>
paul@15 48 </ul>
paul@15 49
paul@321 50 <a name="about"></a>
paul@314 51 <h3>About the Network</h3>
paul@15 52 <p>
paul@15 53 By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
paul@15 54 network card has been identified as an <code>eth0</code> interface and you use
paul@15 55 a router, your connection should already be working. DHCP configuration is
paul@15 56 dynamic: on each boot the client asks for a new IP address from
paul@546 57 the DHCP server, which is integrated into the router or runs on another computer.
paul@15 58 If you need a static IP, you can directly edit config files or use the GUI
paul@321 59 <code>netbox</code> available from the System menu --&gt; System tools.
paul@321 60 In a terminal or a Linux console, you can list all available network
paul@321 61 interfaces with the command <code>ifconfig</code> followed by the
paul@321 62 <code>-a</code> option:
paul@15 63 </p>
paul@15 64 <pre>
paul@15 65 $ ifconfig -a
paul@15 66 </pre>
paul@15 67 <p>To display the Kernel's IP routing table, you can use the <code>route</code> command
paul@15 68 without any arguments:
paul@15 69 </p>
paul@15 70 <pre>
paul@15 71 $ route
paul@15 72 </pre>
paul@15 73 <p>
MikeDSmith25@117 74 The system wide network configuration file is <code>/etc/network.conf</code>.
MikeDSmith25@117 75 It can be graphically configured with <code>netbox</code> or directly edited by
paul@15 76 the root administrator.
paul@15 77 </p>
paul@15 78
paul@314 79 <a name="netbox"></a>
paul@321 80 <h3>Netbox - Configure the network</h3>
paul@314 81 <p>
paul@314 82 Netbox is a small GTK+ application to configure a network interface using
paul@314 83 DHCP or a fixed (static) IP address. The tabs can be used to start/stop the
paul@314 84 connections and automatically change the values in the system files. Netbox
paul@321 85 provides a system wide tab from which you can directly edit network
paul@321 86 configuration files, and tabs to configure PPP/PPPoE username/passwords.
paul@321 87 Servers such as SSH, DHCP, PXE, DNS, etc can also be configured and it's
paul@321 88 possible to create your own virtual private network (VPN) using the tools
paul@321 89 provided.
paul@314 90 </p>
paul@314 91
paul@314 92 <img
paul@314 93 src="images/screenshots/netbox.png"
paul@314 94 alt="Slitaz Netbox"
paul@314 95 style="width: 536px; height: 357px;" />
paul@314 96
paul@314 97 <p>
paul@321 98 You can start netbox from the System tools menu or via a terminal:
paul@314 99 </p>
paul@314 100 <pre>
paul@314 101 $ subox netbox
paul@314 102 </pre>
paul@314 103
paul@314 104 <a name="wifibox"></a>
paul@321 105 <h3>Wifibox - Graphical configuration of the wireless network</h3>
paul@314 106 <p>
paul@314 107 Wifibox is a small interface to configure a network connection (Wifi,
paul@314 108 WLAN, or Wireless). The 'Networks' tab displays a list of available
paul@314 109 networks; just double click on a network name to connect. If the network
paul@314 110 is secured, you will then be asked for the key.
paul@314 111 </p>
paul@314 112
paul@314 113 <img
paul@314 114 src="images/screenshots/wifibox.png"
paul@314 115 alt="SliTaz Wifibox"
paul@314 116 style="width: 533px; height: 330px;" />
paul@314 117
paul@314 118 <p>
paul@314 119 The 'Favorites' tab allows you to set your preferred networks. Once a
paul@314 120 network is added, just double click on the network name to connect. The
paul@314 121 'Configuration' tab lets you configure a connection manually using the
paul@314 122 advanced settings such as the mode or channel. The 'Drivers' tab allows
paul@314 123 you to configure a network card; there are 3 options:
paul@314 124 </p>
paul@314 125 <ol>
paul@314 126 <li>The card is supported directly by the kernel via a module.</li>
paul@314 127 <li>The card needs a module and non-free firmware that can be installed
paul@321 128 automatically via the auto-detect tool (tazhw).</li>
paul@314 129 <li> The card is not supported by Linux and a Windows driver must be
paul@321 130 installed via the Windows driver manager (tazndis).</li>
paul@314 131 </ol>
paul@314 132
paul@314 133 <a name="hostname"></a>
paul@321 134 <h3>/etc/hostname - The hostname</h3>
paul@63 135 <p>
paul@314 136 The file /etc/hostname sets the machine name. This is loaded at system
paul@314 137 startup with the command 'hostname'. Without an argument, this
paul@314 138 command returns the current machine name:
paul@63 139 </p>
paul@63 140 <pre>
paul@314 141 $ hostname
paul@314 142 </pre>
paul@314 143 <p>
paul@314 144 To change the hostname, you can use the <code>echo</code> command or a text
paul@314 145 editor available on SliTaz (you must be root). Example using <code>echo </code>
paul@314 146 and the machine name <code>kayam</code>:
paul@314 147 </p>
paul@314 148 <pre>
paul@314 149 # echo "kayam" > /etc/hostname
paul@63 150 </pre>
paul@63 151
paul@323 152 <a name="network.conf"></a>
paul@323 153 <h3>/etc/network.conf</h3>
paul@323 154 <p>
paul@323 155 /etc/network.conf is the SliTaz system network configuration file. Its syntax
paul@323 156 is simple and you can edit its contents with a text editor such as Nano.
paul@323 157 /etc/network.conf is used by the script /etc/init.d/network.sh to configure the
paul@323 158 network interface at boot time.
paul@323 159 </p>
paul@323 160
paul@323 161 <a name="dynamicIP"></a>
paul@323 162 <h3>Dynamic IP - DHCP client udhcpc</h3>
paul@323 163 <p>
paul@323 164 The DHCP client udhcpc supplied with Busybox uses the
paul@323 165 /usr/share/udhcpc/default.script to get an IP address dynamically at
paul@323 166 boot. It supports various options which you can view with the
paul@323 167 <code>--help</code> option:
paul@323 168 </p>
paul@323 169 <pre> # udhcpc --help
paul@323 170 </pre>
paul@323 171 <p>
paul@323 172 To disable udhcpc on eth0 or modify the interface (e.g. eth1), you must
paul@323 173 edit the /etc/network.conf file and place the value "no" in the variable DHCP=:
paul@323 174 </p>
paul@323 175 <pre class="script">
paul@323 176 # Dynamic IP address.
paul@323 177 # Enable/disable DHCP client at boot time.
paul@323 178 DHCP="no"
paul@323 179 </pre>
paul@323 180
paul@323 181 <a name="staticIP"></a>
paul@323 182 <h3>Static IP - Using a specific address</h3>
paul@323 183 <p>
paul@323 184 You can specify a fixed IP address to configure at boot time by using
paul@323 185 the value "yes" in the variable STATIC=:
paul@323 186 </p>
paul@323 187 <pre class="script">
paul@323 188 # Static IP address.
paul@323 189 # Enable/disable static IP at boot time.
paul@323 190 STATIC="yes"
paul@323 191 </pre>
paul@323 192 <p>
paul@323 193 For the configuration to work, you must specify an IP address, its subnet
paul@323 194 mask, a default gateway (gateway) and DNS server to use. Example:
paul@323 195 </p>
paul@323 196 <pre class="script">
paul@323 197 # Set IP address, and netmask for a static IP.
paul@323 198 IP="192.168.0.6"
paul@323 199 NETMASK="255.255.255.0"
paul@323 200
paul@323 201 # Set route gateway for a static IP.
paul@323 202 GATEWAY="192.168.0.1"
paul@323 203
paul@323 204 # Set DNS server for a static IP.
paul@323 205 DNS_SERVER="192.168.0.1"
paul@323 206 </pre>
paul@323 207
paul@15 208 <a name="pppoe"></a>
paul@321 209 <h3>PPPoE connection kernel-mode</h3>
paul@15 210 <p>
paul@15 211 PPPoE connection in kernel-mode needs 2 files. The first file is
paul@15 212 <code>/etc/ppp/options</code> where you must specify your login name:
paul@15 213 </p>
paul@15 214 <pre class="script">
paul@15 215 plugin rp-pppoe.so
paul@15 216 name &lt;your provider connection ID&gt;
paul@15 217 noipdefault
paul@15 218 defaultroute
paul@15 219 mtu 1492
paul@15 220 mru 1492
paul@15 221 lock
paul@15 222 </pre>
paul@15 223 <p>
paul@15 224 Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
paul@15 225 </p>
paul@15 226 <pre class="script">
paul@15 227 # client server secret IP addresses
paul@15 228 "your_login" * "your_password"
paul@15 229 </pre>
paul@15 230 <p>
paul@546 231 The config file /etc/resolv.conf will be automatically loaded. Once that is done, you can
paul@15 232 now connect to the internet with <code>pppd</code>:
paul@15 233 </p>
paul@15 234 <pre>
paul@15 235 pppd eth0
paul@15 236 </pre>
paul@15 237 <p>
paul@15 238 On an installed system you can start pppd on each boot using the local startup
paul@15 239 script: <code>/etc/init.d/local.sh</code>
paul@15 240 </p>
paul@15 241
paul@15 242 <a name="rp-pppoe"></a>
paul@321 243 <h3>Enable Dial-up Modem - PPPoE with rp-pppoe</h3>
paul@15 244 <p>
MikeDSmith25@117 245 To set up an ADSL connection via PPPoE, SliTaz provides the utilities
paul@15 246 package <code>rp-pppoe</code>. Using <code>pppoe-setup</code> is a snap and you
paul@15 247 can quickly configure the network. If you use DHCP it's even easier, because
paul@15 248 the server from your ISP will take care of everything. If you do not have DHCP,
paul@546 249 you must first disable its use via <code>DHCP="no"</code> in the
paul@15 250 configuration file <code>/etc/network.conf</code>. It should be noted that to
MikeDSmith25@117 251 modify configuration files and system logs you must first become <code>root</code>.
paul@546 252 To install and change the variable DHCP with Nano (ctrl + X to save &amp; exit):
paul@15 253 </p>
paul@15 254 <pre>
paul@15 255 $ su
paul@15 256 # tazpkg get-install rp-pppoe
paul@15 257 # nano /etc/network.conf
paul@15 258 </pre>
paul@15 259 <h4>Configure with pppoe-setup</h4>
paul@15 260 <p>
paul@15 261 To begin to configure your PPPoE connection, you must first open an Xterm or
MikeDSmith25@117 262 Linux console and launch <code>pppoe-setup</code> and then begin to answer
paul@15 263 the following questions:
paul@15 264 </p>
paul@15 265 <pre>
paul@15 266 # pppoe-setup
paul@15 267 </pre>
paul@15 268 <ol>
paul@15 269 <li>Enter your username, please note that this is the username with which you
paul@15 270 communicate with your ISP.</li>
paul@15 271 <li>Internet interface, default is eth0 unless you have more than one,
paul@156 272 in which case you will have eth1, eth2, etc. Usually the Enter key is
paul@15 273 sufficient.</li>
paul@15 274 <li>If you have a permanent ADSL link answer
MikeDSmith25@117 275 <strong>yes</strong>, otherwise answer <strong>no</strong> (default).</li>
MikeDSmith25@117 276 <li>Specify the primary and secondary DNS your ISP uses (you may have to ask).</li>
paul@15 277 <li>Enter the password with which you communicate with your ISP (you need
MikeDSmith25@117 278 to enter it twice).</li>
MikeDSmith25@117 279 <li>Choose the firewall settings depending on your hardware. If you
paul@15 280 have a router you can enter 1 or 2. If in doubt enter 1.</li>
paul@15 281 </ol>
paul@15 282 <h4>Start and Stop the connection</h4>
paul@15 283 <p>
paul@15 284 Still using the command line, simply type <code>pppoe-start</code> to start
paul@15 285 the connection. A few seconds later the system tells you that it is connected.
paul@159 286 If it gives you a message like TIMED OUT, the connection may be poorly configured or
paul@15 287 defective. Please check the wiring and repeat the installation
paul@15 288 from the beginning. To start the connection:
paul@15 289 </p>
paul@15 290 <pre> # pppoe-start
paul@15 291 </pre>
paul@15 292 <p>
paul@129 293 To stop the connection, you can type
paul@128 294 <code>pppoe-stop</code>.
paul@15 295 </p>
paul@15 296
paul@323 297 <a name="driver"></a>
paul@323 298 <h3>Install network card driver</h3>
paul@323 299 <p>
paul@323 300 In case you need a network card driver and don't know the driver name, you can
paul@323 301 use the command <code>lspci</code> to find your card and then <code>modprobe</code>
paul@323 302 to load a module. In Live mode you can use the SliTaz boot option
paul@323 303 <code>modprobe=modules</code> to automatically load Kernel modules. To get a
paul@323 304 list of all available network card drivers, display PCI eth cards and load a
paul@323 305 module:
paul@323 306 </p>
paul@323 307 <pre>
paul@323 308 # modprobe -l | grep drivers/net
paul@323 309 # lspci | grep [Ee]th
paul@323 310 # modprobe -v module_name
paul@323 311 </pre>
paul@323 312 <p>
paul@323 313 On an installed system you just need to add the module_name to the variable
paul@323 314 <code>LOAD_MODULES </code> in <code>/etc/rcS.conf</code> to load your module
paul@323 315 on each boot.
paul@323 316 </p>
paul@323 317
paul@15 318 <a name="firewall"></a>
paul@321 319 <h3>Manage the Firewall (<em>firewall</em>) using Iptables</h3>
paul@15 320 <p>
paul@15 321 SliTaz provides a very basic firewall: the kernel security rules are launched
paul@15 322 at boot time and iptables rules are disabled by default. You can
paul@546 323 activate/disable these at startup by using the configuration file
paul@15 324 /etc/firewall.conf.
paul@15 325 </p>
paul@15 326 <p>
paul@155 327 The default <em>firewall</em> script begins by setting its own options for the
paul@15 328 Kernel, i.e. ICMP redirects, source routing, logs for unresolved addresses and
paul@15 329 spoof filters. The script then launches the rules defined in the
paul@15 330 <code>iptables_rules()</code> function of the configuration file:
paul@15 331 /etc/firewall.conf.
paul@15 332 </p>
paul@15 333 <p>
paul@546 334 The <em>firewall</em> uses Iptables and consists of two files:
paul@15 335 /etc/firewall.conf and /etc/init.d/firewall; you shouldn't need to modify
paul@546 336 these. Note that Iptables has lots of options. For more information see the official
paul@15 337 documentation available online:
paul@15 338 <a href="http://www.netfilter.org/documentation/">www.netfilter.org/documentation/</a>.
paul@15 339 </p>
paul@15 340 <h4>Start, stop, restart the firewall</h4>
paul@15 341 <p>
paul@15 342 The script /etc/init.d/firewall lets you start/restart, stop or display the
paul@15 343 status of the firewall. The restart option is often used to test new rules
paul@15 344 after editing the configuration file. Example:
paul@15 345 </p>
paul@15 346 <pre>
paul@15 347 # /etc/init.d/firewall restart
paul@15 348 </pre>
paul@15 349 <h4>Enable/Disable the firewall at boot</h4>
paul@15 350 <p>
MikeDSmith25@117 351 To enable/disable options specific to the Kernel place "yes"
paul@15 352 or "no" in the variable KERNEL_SECURITY= :
paul@15 353 </p>
paul@15 354 <pre class="script">
paul@15 355 # Enable/disable kernel security at boot time.
paul@15 356 KERNEL_SECURITY="yes"
paul@15 357 </pre>
paul@15 358 <p>
paul@15 359 and to activate/deactivate the iptables rules, it is necessary to modify the
paul@546 360 IPTABLES_RULES= variable :
paul@15 361 </p>
paul@15 362 <pre class="script">
paul@15 363 # Enable/disable iptables rules.
paul@15 364 IPTABLES_RULES="yes"
paul@15 365 </pre>
paul@15 366 <h4>Add, delete or modify the iptables rules</h4>
paul@15 367 <p>
MikeDSmith25@117 368 At the bottom of the configuration file: /etc/firewall.conf, you will find a
MikeDSmith25@117 369 function named: <code>iptables_rules()</code>. This function contains all of
MikeDSmith25@117 370 the iptables commands to launch when the firewall starts. To delete a rule, it
MikeDSmith25@117 371 is advisable to comment out the corresponding line with a <code>#</code>. It is
MikeDSmith25@117 372 <em>not</em> advisable to leave the function completely empty; if you want to disable the
paul@15 373 iptables rules just add "no" to the variable IPTABLES_RULES= in the
paul@15 374 configuration file.
paul@15 375 </p>
paul@15 376 <p>
MikeDSmith25@117 377 Here's an example of using iptables rules. It only allows connections on the
MikeDSmith25@117 378 localhost and the local network, and ports 80, 22, and 21 used by the web server
MikeDSmith25@117 379 HTTP, the SSH secure server and FTP respectively. All other incoming and
MikeDSmith25@117 380 outgoing connections are refused, so it's fairly restrictive.
paul@15 381 </p>
paul@15 382 <pre class="script">
paul@15 383 # Netfilter/iptables rules.
MikeDSmith25@117 384 # This shell function is included in /etc/init.d/firewall.sh
paul@15 385 # to start iptables rules.
paul@15 386 #
paul@15 387 iptables_rules()
paul@15 388 {
paul@15 389
MikeDSmith25@117 390 # Drop all connections.
paul@15 391 iptables -P INPUT DROP
paul@15 392 iptables -P OUTPUT DROP
paul@15 393
paul@15 394 # Accept all on localhost (127.0.0.1).
paul@15 395 iptables -A INPUT -i lo -j ACCEPT
paul@15 396 iptables -A OUTPUT -o lo -j ACCEPT
paul@15 397
paul@15 398 # Accept all on the local network (192.168.0.0/24).
paul@15 399 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
paul@15 400 iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
paul@15 401
paul@15 402 # Accept port 80 for the HTTP server.
paul@15 403 iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT
paul@15 404 iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT
paul@15 405
paul@15 406 # Accept port 22 for SSH.
paul@15 407 iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
paul@15 408 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 22 -j ACCEPT
paul@15 409
paul@15 410 # Accept port 21 for active FTP connections.
paul@15 411 iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
paul@15 412 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 21 -j ACCEPT
paul@15 413
paul@15 414 }
paul@15 415 </pre>
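<p>
The rules above match reply traffic by port number only, so the INPUT rule with
<code>--sport 80</code> accepts any TCP packet that arrives from source port 80,
whichever local port it is addressed to. The following is an added example, not
SliTaz's own /etc/firewall.conf: the same policy written with connection-state
matching, plus a small audit helper. The names <code>IPT</code>, <code>LAN</code>
and <code>stateless_sport_accepts</code> are assumptions of this example.
</p>

```shell
#!/bin/sh
# Added example: stateful variant of the handbook's iptables_rules().
# IPT, LAN and stateless_sport_accepts() are assumptions of this example,
# not SliTaz settings; INTERFACE is the variable the handbook's rules use.
IPT="${IPT:-iptables}"          # IPT=echo prints the rules instead of applying them
INTERFACE="${INTERFACE:-eth0}"
LAN="${LAN:-192.168.0.0/24}"    # local network from the handbook example

iptables_rules()
{
    # Default policy: drop whatever is not explicitly accepted below.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP

    # Accept all on localhost.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Packets belonging to a connection that a rule below already let
    # through. Newer iptables spell this "-m conntrack --ctstate".
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Accept all on the local network.
    $IPT -A INPUT -i "$INTERFACE" -s "$LAN" -j ACCEPT
    $IPT -A OUTPUT -o "$INTERFACE" -d "$LAN" -j ACCEPT

    # Outbound HTTP: only new connections to port 80 leave the machine.
    $IPT -A OUTPUT -o "$INTERFACE" -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # Inbound SSH (22) and FTP control (21): only new connections to
    # those ports are let in; replies are covered by the state rules.
    for port in 22 21; do
        $IPT -A INPUT -i "$INTERFACE" -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}

# Audit helper: read rules in "-A CHAIN ..." form on stdin
# (iptables-save output or a dry run) and print every INPUT rule that
# accepts on source port alone, with no connection-state match.
stateless_sport_accepts()
{
    awk '/^-A INPUT / && /--sport/ && /-j ACCEPT/ && !/--state|--ctstate/'
}

# Dry run: IPT=echo sh this-file   prints the ruleset for review.
if [ "$IPT" = "echo" ]; then
    iptables_rules
fi
```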
paul@15 416
paul@15 417 <!-- End of content -->
paul@15 418 </div>
paul@15 419
paul@15 420 <!-- Footer. -->
paul@15 421 <div id="footer">
paul@15 422 <div class="footer-right"></div>
pascal@535 423 <a href="index.html#top">Top of the page</a> |
paul@15 424 <a href="index.html">Table of contents</a>
paul@15 425 </div>
paul@15 426
paul@15 427 <div id="copy">
paul@15 428 Copyright &copy; 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> -
paul@15 429 <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
paul@15 430 Documentation is under
paul@15 431 <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
paul@15 432 and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
paul@15 433 </div>
paul@15 434
paul@15 435 </body>
paul@15 436 </html>
paul@15 437